Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-11-25 | Increase default datasize limit from 512M to 768M on amd64. This | Alexander Bluhm | |
allows to build xenocara with extra options in malloc.conf. OK deraadt@ | |||
2016-11-20 | Fix up some permissions in RELEASEDIR and /var/sysmerge. | Theo Buehler | |
help, testing & ok rpe | |||
2016-11-19 | Enable builds with a dedicated user that cannot elevate privileges or write | Theo Buehler | |
to /usr/src or /usr/xenocara. Change /usr/{,x}obj to owner build:wobj with mode 770 and install the systemwide makefiles before starting a build. The root of the noperm fs containing DESTDIR should also be owned by build:wobj. Developers will need to add their users to group wobj to be able to write to /usr/{,x}obj/. "push forward" deraadt; testing, input & ok rpe | |||
2016-11-17 | sync | Stuart Henderson | |
2016-11-15 | Introduce the build user and the wobj group that will soon be used as | Theo Buehler | |
defaults for building the system from source. ok deraadt | |||
2016-11-09 | Remove /usr/libdata/perl5/site_perl, it is no longer needed. | Todd C. Miller | |
OK tb@ | |||
2016-11-05 | Remove the obj, xobj and src directories from the base set. | Robert Peichaer | |
The installer will create these directories during install. So local setups will not get overwritten during upgrades. idea from and OK deraadt@ with help from and OK tb@ feedback from and no objections halex@ | |||
2016-11-04 | spacing | Robert Peichaer | |
2016-10-31 | Add the -d flag to the update command, so directories are created | Theo Buehler | |
with 'cvs up'. Prompted by a question by patrick keshishian, diff by Raf Czlonka. ok phessler, jca; mild opposition from schwarze | |||
2016-10-14 | Build the bundle of GENERIC* kernels in using the new compile metods, | Theo de Raadt | |
and de-escalate to $BUILDUSER. Much help from natano and tb. | |||
2016-10-09 | Remove check for RELEASEDIR permissions, there are usecases where other | Martin Natano | |
filesystem permissions are required. requested by deraadt | |||
2016-10-09 | Check that DESTDIR is on a noperm filesystem that's properly locked | Martin Natano | |
down and enforce reasonable permissions for RELEASEDIR. prodded by and ok deraadt ok tb | |||
2016-10-07 | use better uid/gid for _switchd | Theo de Raadt | |
2016-10-07 | first set -max limit, then -cur, otherwise if -cur si higher than the current | Otto Moerbeek | |
max, it won't be set. noted by Evgeny Grin; ok millert@ | |||
2016-10-06 | Add _switchd | Reyk Floeter | |
2016-10-06 | Add switchd | Reyk Floeter | |
OK deraadt@ | |||
2016-10-06 | Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup. | Reyk Floeter | |
OK mlarkin@ deraadt@ | |||
2016-10-06 | Print the root check error message to stderr. While there add the name | Martin Natano | |
of the target to the message to be more descriptive. ok deraadt tb | |||
2016-10-06 | Build kernels as root for now. Otherwise we run into permission issues | Martin Natano | |
when the source tree is not owned by ${BUILDUSER}. ok deraadt | |||
2016-10-05 | conditionally create obj & xobj same way that src is handled | Theo de Raadt | |
ok natano | |||
2016-10-05 | Change switch "wireless" to another example - bridging from VM to | Reyk Floeter | |
wireless in station mode is not supported. | |||
2016-10-05 | De-escalate to an unprivileged users during 'make build' and 'make release'. | Martin Natano | |
- If you start make build as root, everything will be run as root. Nothing new here. New is, that you can set BUILDUSER=somebody and the unprived parts will be run as somebody. - If you start make build with sudo, the unprived parts will be run as the real user (meaning YOU). You can still set BUILDUSER=somebody and the uprived parts will run as somebody. - If you start make build as a normal user it will error out. "I'm sorry Dave." Note that DESTDIR must be on partition with the noperm flag set for make release to work correctly as an unprivileged user. idea and ok deraadt input and ok tb ratchov millert rpe, halex and probably others where part of the conversation to make this happen, thanks! | |||
2016-10-05 | Add support for enhanced networking configuration and virtual switches. | Reyk Floeter | |
See vm.conf(5) for more details. OK mlarkin@ | |||
2016-10-04 | stop supporting SUDO builds. Something better is coming, so let's | Theo de Raadt | |
align everyone who is using SUDO builds towards the new strategy. ok natano | |||
2016-09-27 | Run acpidump(8) at system startup and store ACPI tables in the | Robert Peichaer | |
/var/db/acpi directory. Later sendbug(1) will use this data in bug reports. That directory is created by mtree. idea from and OK deraadt OK kettenis | |||
2016-09-27 | Delay switch(4) interface start up so it can attach virtual interfaces | Rafael Zalamena | |
like vether(4). nits from and ok benno@, phessler@ | |||
2016-09-27 | Add unprivileged user for traceroute. | Florian Obser | |
Input deraadt@ OK benno@, sthen@ | |||
2016-09-26 | + _ping | Otto Moerbeek | |
2016-09-26 | Add _ping user/group. | Florian Obser | |
OK natano on a previous diff which used a different uid/gid. naddy@ pointed out that uid/gid was already taken on "important" systems. Turns out we cannot easily recycle freed up uids/gids so settle on 51. | |||
2016-09-26 | Add /etc/acme-client.conf to mtree/special and changelist. | Antoine Jacoutot | |
ok deraadt@ sthen@ florian@ | |||
2016-09-21 | the account key(s) live in /etc/acme; OK benno@ | Florian Obser | |
2016-09-18 | fix build | Theo de Raadt | |
2016-09-18 | add a config file parser to acme-client (unused at the moment, so that | Sebastian Benoit | |
it can be worked on in the tree). ok florian@ deraadt@ | |||
2016-09-17 | pathnames for cert and key files need to be quoted. | T.J. Townsend | |
reported by brynet | |||
2016-09-17 | add example certificate and key files generated with acme-client. | T.J. Townsend | |
ok florian | |||
2016-09-14 | Do the same with less code. | Robert Peichaer | |
OK halex | |||
2016-09-13 | proxy uid/gid was split up for seperate purposes; it can go away now. | Theo de Raadt | |
2016-09-11 | sync | Theo de Raadt | |
2016-09-11 | cua/tty nodes only need group dialer, the initial uid does not | Theo de Raadt | |
matter much -- and "uucp" is just stupid in 2016. ok rpe | |||
2016-09-11 | Set owner for /etc/{passwd,pwd.db,spwd.db} and /var/sysmerge/etcsum. | Martin Natano | |
from rpe | |||
2016-09-11 | Add a few directories missed in the past | Matthieu Herrb | |
2016-09-11 | The /etc/{localtime,rmt}, /var/tmp and /sys symlinks and the etc tarball | Martin Natano | |
should be owned by root. ok deraadt | |||
2016-09-11 | sync | Theo de Raadt | |
2016-09-11 | extra spaces | Theo de Raadt | |
2016-09-10 | Unbreak ksh.kshrc by using a MI way of finding out the console device name. | Robert Peichaer | |
Found by landry OK deraadt | |||
2016-09-10 | Simplify setting the USER and UID variables. | Robert Peichaer | |
While here, convert `` to $(). OK halex | |||
2016-09-10 | Remove remnants of rlogin, it's long gone (2002). | Robert Peichaer | |
OK halex | |||
2016-09-10 | Identation | Robert Peichaer | |
OK halex, krw | |||
2016-09-09 | print a clear error message when not ran as root instead of just falling | Jasper Lievisse Adriaanse | |
through and try whatever it can do with the invoking user's perms feedback/ok aja@ rpe@ | |||
2016-09-09 | Convert [] to ksh style [[]] tests. | Robert Peichaer | |
Based on a diff from Anthony Coulter. OK krw, halex |